Fix/docker permision

[ricardo-ha]

I resolve this Docker problem:
#542

Fix permission issues and add GPU support
The original Dockerfile creates the voicebox user with a system-assigned UID, which causes permission errors in two places:

1. HuggingFace cache — Docker initializes named volumes as root when the target directory doesn't exist in the image, so the voicebox user can't write to it.

2. Bind-mounted output directory — The unpredictable UID doesn't match the host user, causing soundfile to fail when saving generated audio.

Changes:

• Pin voicebox to UID/GID 1000 so bind-mounts work without manual chown on the host.

• Pre-create /home/voicebox/.cache/huggingface with correct ownership so the named volume inherits the right permissions.

Summary by CodeRabbit

• Chores
  • Enhanced Docker container user setup with deterministic ID assignment for improved consistency
  • Initialized HuggingFace model cache directory in container environment
  • Added optional NVIDIA GPU support configuration to deployment settings (currently disabled)

[coderabbitai]

📝 Walkthrough

Walkthrough

Updates Docker deployment configuration to use deterministic runtime user IDs (1000) and initializes a HuggingFace cache directory with proper ownership. Adds optional commented NVIDIA GPU passthrough configuration to docker-compose for future enablement.

Changes

Cohort / File(s)	Summary
Runtime User & Cache Setup Dockerfile	Replaces system-assigned IDs with explicit GID/UID 1000 for voicebox group and user. Adds initialization and ownership setup for HuggingFace cache directory at /home/voicebox/.cache/huggingface.
GPU Configuration (Optional) docker-compose.yml	Adds commented optional NVIDIA GPU passthrough configuration under deploy.resources with driver, device count, and GPU capabilities. Includes comment labeling the existing resource limits section.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• feat: add Docker + web deployment support #161: Modifies Docker deployment files with focus on runtime user creation/ownership and HuggingFace cache directory handling, directly aligned with these configuration updates.

Poem

🐰 A rabbit hops through Docker lanes,
With IDs set to one-zero straight,
HuggingFace cache finds its place,
And GPU dreams stay commented—for a patient day. ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title 'Fix/docker permision' is partially related to the changeset—it addresses Docker permission issues, which is a core part of the changes. However, the title is overly vague and contains a typo ('permision' instead of 'permission'), and doesn't specifically convey what was fixed or why.	Revise the title to be more specific and clear, such as 'Fix Docker user permissions by pinning UID/GID and pre-creating HuggingFace cache' or 'Fix permission issues in Docker user setup with deterministic IDs'.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

Dockerfile (1)

48-49: Make UID/GID configurable while keeping deterministic defaults.

Lines 48-49 are effective for the common case, but hardcoding 1000 can still break bind-mount writes on hosts where the user UID/GID differs. Consider build args with defaults so users can override when needed.

Suggested diff

+ARG VOICEBOX_UID=1000
+ARG VOICEBOX_GID=1000
 RUN groupadd -r -g 1000 voicebox && \
-    useradd -r -g voicebox -u 1000 -m -s /bin/bash voicebox
+    useradd -r -g voicebox -u ${VOICEBOX_UID} -m -s /bin/bash voicebox

-RUN groupadd -r -g 1000 voicebox && \
+RUN groupadd -r -g ${VOICEBOX_GID} voicebox && \
     useradd -r -g voicebox -u ${VOICEBOX_UID} -m -s /bin/bash voicebox

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Dockerfile` around lines 48 - 49, The Dockerfile currently hardcodes UID/GID
1000 in the RUN that creates the voicebox group/user; make them configurable by
adding build arguments (e.g. ARG VOICEBOX_UID=1000 and ARG VOICEBOX_GID=1000)
and use those variables in the groupadd and useradd commands (replace literal
1000 with the ARG values for -g and -u and for useradd -g), so builders can
override at build time while keeping 1000 as the deterministic default.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@Dockerfile`:
- Around line 48-49: The Dockerfile currently hardcodes UID/GID 1000 in the RUN
that creates the voicebox group/user; make them configurable by adding build
arguments (e.g. ARG VOICEBOX_UID=1000 and ARG VOICEBOX_GID=1000) and use those
variables in the groupadd and useradd commands (replace literal 1000 with the
ARG values for -g and -u and for useradd -g), so builders can override at build
time while keeping 1000 as the deterministic default.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ed5724ed-ad6b-43b0-9bb4-53dfe154d3c3

📥 Commits

Reviewing files that changed from the base of the PR and between b35b909 and b17b2ce.

📒 Files selected for processing (2)

• Dockerfile
• docker-compose.yml